Publicly listed companies in the US have been asked to disclose when they've been hacked, according to new guidance issued by the Securities and Exchange Commission.
The market regulator has let firms know that they can no longer hide cyber attacks if that attack could cause financial damage to the company or make the financial …

Unfortunatley

The worst companies don't even know when they have been hacked, and so will not report anything. They then will look like the good guys compared to companies who at least can detect hacks. Not saying it shouldn't happen, but just that you have to dig into the resulting statistics to see who really is good/bad at security.